laravel 5.1 Password::reset returns passwords.password

Question

I have this function in controller and I can't reset password because I want to change character length to 5 digits.

public function postReset(Request $request)
{
  $this->validate($request, [
    'token' => 'required',
    'password' => 'required|confirmed|digits:5',
  ]);

  $credentials = $request->only(
    'email', 'password', 'password_confirmation', 'token'
  );

  $response = Password::reset($credentials, function ($user, $password) {
    $this->resetPassword($user, $password);
  });

  dd($response);
  switch ($response) {
    case Password::PASSWORD_RESET:
      return redirect($this->redirectPath());

    default:
      return redirect()->back()
        ->withInput($request->only('email'))
        ->withErrors(['email' => trans($response)]);
  }
}

protected function resetPassword($user, $password)
{
  $user->password = bcrypt($password);
  $user->save();
  Auth::login($user);
}

but it always says:

Whoops! There were some problems with your input.

Passwords must be at least six characters and match the confirmation.

And when I added:

dd($response);

it prints:

passwords.password

Any idea how to solve this?

Answer 1

If you want to change your Text and overwrite passwords.password then follow below steps

First Go to PasswordBroker.php

vendor\laravel\framework\src\Illuminate\Contracts\Auth\PasswordBroker.php

Go to line 35 and change here

const INVALID_PASSWORD =  '**any thing you want**';

Or if you want to change validation then follow below steps

First Go to PasswordBroker.php

vendor\laravel\framework\src\Illuminate\Auth\Passwords\PasswordBroker.php

Go to line 176 and change here

return $password === $confirm && mb_strlen($password) >= **any digit you want**;

Then go ResetsPasswords.php

vendor\laravel\framework\src\Illuminate\Foundation\Auth\ResetsPasswords.php

Go to line 69 and change here

'password' => 'required|confirmed|min:**degit you chose in **PasswordBroker.php****',

Thanks... It works

Answer 2

This happens because there is a hard coded validation in Illuminate\Auth\Passwords\PasswordBroker.

When the reset method is called, it will always call validateReset first, which in turn calls validateNewPassword:

public function validateNewPassword(array $credentials)
{
    list($password, $confirm) = [
        $credentials['password'],
        $credentials['password_confirmation'],
    ];

    if (isset($this->passwordValidator)) {
        return call_user_func(
            $this->passwordValidator, $credentials) && $password === $confirm;
    }

    return $this->validatePasswordWithDefaults($credentials);
}

By default, passwordValidator is not set. So validatePasswordWithDefaults will require that the password be at least 6 characters long.

You can set a passwordValidator using Password::validator, which accepts a closure that must return a boolean value indicating whether the given credentials are valid. This needs to be done before Password::reset.

For example, changing the validator to require that the password be exactly 5 characters long would satisfy your requirements in particular.

Password::validator(function($credentials)
{
    return strlen($credentials['password']) === 5;
});

Answer 3

What you are looking for is in this class:

\Illuminate\Auth\Passwords\PasswordBroker

and this function

validatePasswordWithDefaults

This looks a little weird that 6 is hardcoded in this function. I guess there is probably better practice for changing that. Maybe you could over-ride the function in your controller. Try that as well.

Answer 4

Change this line:

'password' => 'required|confirmed|digits:5'

to

'password' => 'required|confirmed|min:5'